On 18/06/2019 10:13, Alexander Gryanko wrote: > Hello, > > I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for > ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and > ssl3_choose_cipher has no any callbacks in tls_early_post_process_client_hello. > Is there any way to disable protocols for some cases? Something like A/B testing > with 50% of traffic with enabled Chacha20 and 50% of traffic with disabled. If you are using OpenSSL 1.1.1 then probably you could do something with the client hello callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html Matt
